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In the Claims 

Please cancel claims 32, 33, and 34. 

1. (Original) A virtual private network including an internal secured portion which 
connects via at least a first gateway and a second gateway to an external portion, 
the network comprising: 

a plurality of workstations including at least one mobile workstation in the external 
portion; 

the first gateway; 

the second gateway; and 

means for automatically changing the point through which the mobile workstation 
communicates with the internal portion of the network from the first gateway to the 
second gateway, in response to movement of the mobile workstation. 

2. (Original) A network as claimed in claim 1 , further comprising transfer means for 
transferring context information usable by a gateway in communications with the 
mobile workstation, to the second gateway. 

3. (Original) A network as claimed in claim 2, wherein the context information 
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includes an identifier of the mobile workstation. 

4. (Original) A network as claimed in claim 3 wherein the identifier is the home 
address of the mobile workstation. 

5. (Currently Amended) A network as claimed in claim 2, wherein the 
context information includes material for defining secure communication means 
by which information is transferable securely between the mobile workstation in 
the external portion of the network and the internal portion of the network, via the 
second gateway. 

6. (Original) A network as claimed in claim 5, wherein the secure communication 
means is a security association pair between the second gateway and the mobile 
workstation. 

7. (Currently Amended) A network as claimed in any on e of claims 2 te-6, wherein 
the transfer means is physically separate from the first gateway. 
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8. (Currently Amended) A network as claimed in any on e of claims 2 te^ f wherein 
the transfer means additionally transfers information to the mobile workstation for 
enabling communications between the mobile workstation and the second 
gateway. 

9. (Original) A network as claimed in claim 8 wherein the information transferred to 
the mobile workstation enables secure communication means by which 
information is transferable securely between the mobile workstation in the 
external portion of the network and the internal portion of the network, via the 
second gateway. 

1 0. (Original) A network as claimed in claim 9, wherein the secure communication 
means is a security association pair between the mobile workstation and the 
second gateway. 

1 1 . (Original) A network as claimed in claim 8, 9 or 10, wherein the information 
transferred to the mobile workstation comprises the address of the second 
gateway. 
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12. (Currently Amended) A network as claimed in any on e of claims 8 to 11 , 
wherein the information transferred to the mobile workstation is transferred 
between the first gateway and the mobile workstation using an existing security 
association between the mobile workstation and the first gateway. 

1 3. (Currently Amended) A network as claimed in any pr e ceding claim 1 wherein 
the second gateway comprises one or more databases which are updated to 
enable the internal portion of the network and the mobile workstation in the 
external portion of the network to communicate via the second gateway. 

14. (Original) A network as claimed in claim 13, wherein the one or more 
databases are a Security Policy Database and a Security Association Database. 

15. (Currently Amended) A network as claimed in any pr e c e d i ng claim 1 wherein 
the mobile workstation comprises one or more databases which are updated to 
enable the internal portion of the network and the mobile workstation in the 
external portion of the network to communicate via the second gateway. 
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16. (Original) A network as claimed in claim 15, wherein the one or more 
databases are a Security Policy Database and a Security Association Database. 

1 7. (Currently Amended) A network as claimed in any pr e c e ding claim 1 further 
comprising location detection means for detecting the location of the mobile 
workstation and initiating a change in the point through which the mobile 
workstation communicates with the internal portion of the network, from the first 
gateway to a better gateway. 

18. (Original) A network as claimed in claim 17, wherein the gateway is better 
because it is closer to the mobile workstation and/or it is optimal for routing 
existing sessions. 

19. (Currently Amended) A network as claimed in claim 17 or 18 , wherein the 
detection means is responsive to a location identifier received from the mobile 
workstation. 
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20 (Original) A network as claimed in claim 1 9, wherein the location identifier is the 
care-of-address of the mobile workstation. 

21 . (Original) A network as claimed in claim 20, wherein the identifier is received 
during a mobility binding update. 

22. (Currently Amended) A network as claimed in any on e of claims 17 to 21 , 
wherein the location detection means is separate from the first gateway. 

23. (Currently Amended) A network as claimed in claim 22 wh e n dep e nd e nt upon 
c l a i m 7 , wherein the transfer means is physically separate from the first gateway 
and wherein the location detection means and transfer means are housed 
together. 

24. (Currently Amended) A network as claimed in any pr e c e d i ng claim 1 wherein 
the first gateway and the second gateway are in distinct physically separated 
segments of the network. 
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25. (Currently Amended) A network as claimed in any pr e c e d i ng claim 1, wherein 
the mobile workstation communicates with the internal portion of the network via 
the first gateway and also via the second gateway simultaneously for a transition 
period, before communicating via the second gateway only. 

26 (Currently Amended) A network as claimed in any pr e c e ding claim I wherein 
the mobile workstation is involved in a session with a correspondent node. 

27. (Original) A network as claimed in claim 26, wherein the correspondent node 
is located in the internal portion of the network and the mobile workstation is 
located in the external portion of the network. 

28. (Original) A method of optimizing the route by which information travels 
between a mobile node in an external portion of a network and a correspondent 
node in an internal portion of a network, comprising the steps of: 
determining when a first serving gateway through which the mobile node 
communicates with the internal portion of the network, is sub-optimal; 
identifying a second gateway; and 



10 



transferring the point through which the mobile node communicates with the 
internal portion of the network from the first serving gateway to the second 
gateway. 

29. (Original) A mobile workstation for connecting to an external portion of a 
network that includes an internal secured portion connected, via a first gateway 
and a second gateway to the external portion, comprising: 

means arranged to receive, via the first secure communication means, an 
identifier of a second gateway; and 

means arranged to change from communicating with the internal portion of the 
network through the first gateway to communicating via the second gateway. 

30. (Original) A mobile workstation as claimed in claim 23, further comprising 
means for using a first secure communication means by which information is 
transferable securely between the internal portion of the network and the mobile 
workstation via the first gateway, to receive the identifier of the second gateway; 

31. (Currently Amended) A mobile workstation as claimed in claim 23 or 24 , 
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further comprising means for using a second secure communication means to 
transfer information securely between the internal portion of the network and the 
mobile workstation via the second gateway; 

32. (Cancelled) 

33. (Cancelled) 

34. (Cancelled) 



